General
-
Target
JaffaCakes118_087350dd3a995f36153b082ac706a2cc
-
Size
2.2MB
-
Sample
250524-ah38bszwey
-
MD5
087350dd3a995f36153b082ac706a2cc
-
SHA1
cbe6fee1bc5a888a85a2c314c16ea0bff426226f
-
SHA256
e21af39b071a0aeb883ec61cd74caa7b89e4db40bd5931acfe73e8657623bd3c
-
SHA512
d5690d681690002b46718e062d2875739f01ab83a559e35856ea305e649651df1fd930e83427138e057e7df2530698d04b0691581772625fe85f816be917c030
-
SSDEEP
24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZ3:0UzeyQMS4DqodCnoe+iitjWwwz
Behavioral task
behavioral1
Sample
JaffaCakes118_087350dd3a995f36153b082ac706a2cc.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
JaffaCakes118_087350dd3a995f36153b082ac706a2cc.exe
Resource
win11-20250502-en
Malware Config
Extracted
pony
http://don.service-master.eu/gate.php
-
payload_url
http://don.service-master.eu/shit.exe
Targets
-
-
Target
JaffaCakes118_087350dd3a995f36153b082ac706a2cc
-
Size
2.2MB
-
MD5
087350dd3a995f36153b082ac706a2cc
-
SHA1
cbe6fee1bc5a888a85a2c314c16ea0bff426226f
-
SHA256
e21af39b071a0aeb883ec61cd74caa7b89e4db40bd5931acfe73e8657623bd3c
-
SHA512
d5690d681690002b46718e062d2875739f01ab83a559e35856ea305e649651df1fd930e83427138e057e7df2530698d04b0691581772625fe85f816be917c030
-
SSDEEP
24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZ3:0UzeyQMS4DqodCnoe+iitjWwwz
-
Detects Mofksys worm
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Mofksys family
-
Pony family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4